
Tool list suggestions

Someone (a typical home computer user) has contacted me concerning a problem with their computer. It is possible that it is a spoofing incident, but the circumstances strongly indicate it is some type of Trojan / backdoor.

(I can't / won't be more specific at this time.)

Over the phone I guided them through updating their anti-virus software (found nothing), installing a firewall (ZoneAlarm) and downloading and installing Ad-Aware (found in excess of 450 items, which were removed!), and directed them toward the thread How to Lock Down Your WinXP Box..., which I was told they did. I was also told that they have kept up with Microsoft updates.

I scanned their ports over the net. (They have a cable modem with a router; I found nothing unusual, but I was scanning the router, which I believe is a Linksys.)

The problem still persists.

At this time I am just going to try to identify the problem. I am not foreseeing that I will need forensic evidence for a court, and so I believe I should start by NOT disconnecting them from the net to have them bring the machine to me.

You could also try Advanced Administrative Tools; at this time you can download a trial version of it. You can download it here: www.glocksoft.com/aatools.htm . It's a very useful tool, as it has almost everything: whois, proxy analyzer, email verifier, link verifier and all kinds of other cool stuff. Good luck. I'm at work right now, but when I get home later on I'll get you some more programs that you could use.

"Imagine a school with children that can read and write, but with teachers who cannot, and you have a metaphor of the Information Age in which we live." — Peter Cochrane

I would recommend using AccessData's FTK (Forensic Toolkit) at http://www.accessdata.com/Product04_...?ProductNum=04 which is expensive, but cheaper than their competitor. I purchased the Ultimate Toolkit and a week-long training course on the product. It's awesome.

Due to scheduling problems I could not get together with her to check the computer myself.

Here is what was happening: she was receiving e-mails, sent from her own cable account to her AOL account, which contained pictures and documents from her computer! She even received them after she updated her anti-virus software, installed a firewall, etc.

I also began noticing reported attacks starting to show up from her cable address on DShield.
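The original poster's open question was spoofing versus a Trojan on the box. The quickest way to settle that from the victim's side is the Received: headers of one of the suspicious messages: each relay prepends a line, so the last Received: line written by a relay you trust (her own provider's mail server) records the IP the mail was actually handed over from. If that IP is her cable address, the mail really left her connection and the attachments were read off her disk; if it is somewhere else, her From: address was merely forged. The script below is an added example, not code from this thread or from any tool named in it; the sample message, hostnames and IP addresses in it are constructed for illustration.

```python
"""Added example: decide whether a 'from herself' e-mail really originated
from the victim's IP, using the Received: trail and the attachment list.

Constructed sample data only; the hostnames and addresses are made up.
"""
import re
from email import message_from_string, policy

# Constructed sample of what one of the victim's messages might look like:
# handed from the home PC (198.51.100.77) to the cable provider's relay, then
# delivered to the AOL mail exchanger. Both relays are assumptions.
SAMPLE_MESSAGE = """\
Received: from mail.example-cable.net (mail.example-cable.net [203.0.113.10])
\tby mx.example-aol.net with ESMTP id abc123
\tfor <victim@example-aol.net>; Tue, 07 Oct 2003 14:22:01 -0400
Received: from pc (cable-198-51-100-77.example-cable.net [198.51.100.77])
\tby mail.example-cable.net with SMTP id def456;
\tTue, 07 Oct 2003 14:21:58 -0400
From: victim@example-cable.net
To: victim@example-aol.net
Subject: pictures
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

see attached
--b1
Content-Type: image/jpeg; name="photo.jpg"
Content-Disposition: attachment; filename="photo.jpg"

(binary omitted)
--b1--
"""

# Matches the bracketed literal address a relay records, e.g. "[198.51.100.77]".
_IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def received_hops(raw_message):
    """Return the IPs recorded in Received: headers, newest hop first.

    Relays prepend, so the last entry is the earliest hop. Only lines added
    by relays you trust should be believed; anything below them could have
    been written by the sender to mislead you.
    """
    msg = message_from_string(raw_message, policy=policy.default)
    hops = []
    for header in msg.get_all("Received", []):
        flat = re.sub(r"\s+", " ", str(header))  # unfold continuation lines
        m = _IP_RE.search(flat)
        hops.append(m.group(1) if m else None)
    return hops


def origin_ip(raw_message):
    """IP of the earliest hop that recorded a literal address, or None."""
    for ip in reversed(received_hops(raw_message)):
        if ip:
            return ip
    return None


def attachment_names(raw_message):
    """Filenames of the attachments, i.e. what was lifted off the machine."""
    msg = message_from_string(raw_message, policy=policy.default)
    return [p.get_filename() for p in msg.iter_attachments() if p.get_filename()]


def diagnose(raw_message, victim_ip):
    """'origin-matches-victim' means the mail left her connection (Trojan /
    backdoor on the LAN); 'origin-elsewhere' means her address was spoofed."""
    if origin_ip(raw_message) == victim_ip:
        return "origin-matches-victim"
    return "origin-elsewhere"


if __name__ == "__main__":
    print("hops (newest first):", received_hops(SAMPLE_MESSAGE))
    print("origin:", origin_ip(SAMPLE_MESSAGE))
    print("attachments:", attachment_names(SAMPLE_MESSAGE))
    print("verdict:", diagnose(SAMPLE_MESSAGE, "198.51.100.77"))
```

Run it against the raw source of a real message (in AOL, view the full headers and paste them in place of SAMPLE_MESSAGE) with the cable IP you port-scanned as victim_ip. A match plus a DShield record of attacks from that same address is consistent with a compromised host behind the Linksys, which a remote scan of the router would never reveal: the router's NAT hides the PC's listening ports, so the next check is on the machine itself (netstat for listening ports and established connections, and the autostart locations).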